RubyGems CVE-2017-0899 Security Bypass Vulnerability



RubyGems is prone to a security-bypass vulnerability.

Successful exploits may allow attackers to bypass security restrictions and perform unauthorized actions.

RubyGems version 2.6.12 and prior versions are affected.

Information

Bugtraq ID: 100576
Class: Design Error
CVE: CVE-2017-0899

Remote: Yes
Local: No
Published: Aug 31 2017 12:00AM
Updated: Aug 31 2017 12:00AM
Credit: Yusuke Endoh.
Vulnerable: RubyGems RubyGems 2.4.7
RubyGems RubyGems 2.4.6
RubyGems RubyGems 2.4.5
RubyGems RubyGems 2.4.4
RubyGems RubyGems 2.4.3
RubyGems RubyGems 2.4.2
RubyGems RubyGems 2.4.1
RubyGems RubyGems 2.4
RubyGems RubyGems 2.2.5
RubyGems RubyGems 2.2.4
RubyGems RubyGems 2.2.3
RubyGems RubyGems 2.2.2
RubyGems RubyGems 2.2.1
RubyGems RubyGems 2.2
RubyGems RubyGems 2.0.17
RubyGems RubyGems 2.0.16
RubyGems RubyGems 2.0.15
RubyGems RubyGems 2.0.14
RubyGems RubyGems 2.0.13
RubyGems RubyGems 2.0.12
RubyGems RubyGems 2.0.11
RubyGems RubyGems 2.0.10
RubyGems RubyGems 2.0.7
RubyGems RubyGems 2.0.6
RubyGems RubyGems 2.0.5
RubyGems RubyGems 2.0.4
RubyGems RubyGems 2.0.3
RubyGems RubyGems 2.0.2
RubyGems RubyGems 2.0.1
RubyGems RubyGems 2.0
RubyGems RubyGems 2.6.12
RubyGems RubyGems 2.1.4
RubyGems RubyGems 2.1.0
RubyGems RubyGems 2.0.9
RubyGems RubyGems 2.0.8
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0


Not Vulnerable: RubyGems RubyGems 2.6.13


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts

Comments